<?php
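// Resume the session; the login state checked below is read from it.
session_start();

// Read the request parameters explicitly instead of silencing notices with "@".
// A parameter that is missing or not a plain string (e.g. sent as "id[]=...")
// becomes "", so later code never interpolates an array into a query or header.
// All of these values are attacker-controlled and must be escaped or validated
// before use.
$action = (isset($_GET["action"]) && is_string($_GET["action"])) ? $_GET["action"] : "";
$from = (isset($_GET["from"]) && is_string($_GET["from"])) ? $_GET["from"] : "";
$to = (isset($_GET["to"]) && is_string($_GET["to"])) ? $_GET["to"] : "";
$id = (isset($_GET["id"]) && is_string($_GET["id"])) ? $_GET["id"] : "";
$data = (isset($_GET["data"]) && is_string($_GET["data"])) ? $_GET["data"] : "";
$user = (isset($_GET["user"]) && is_string($_GET["user"])) ? $_GET["user"] : "";

// Authentication gate: the session must carry both "user" and "type", and
// "user" must not be empty.
// NOTE(review): "type" is only checked for existence, never for its value, so
// every logged-in account passes this gate. Confirm whether this page is meant
// to be limited to a privileged type.
$error = (!isset($_SESSION["user"])) || (!isset($_SESSION["type"])) || ($_SESSION["user"] == "");

if ($error)
{
	// Drop whatever partial session state exists before sending the visitor
	// back to the login page.
	session_unset();
	session_destroy();

	header("Location: login.php");
	exit;
}

// Default return page when the caller did not name one.
if ($from == "")
	$from = "login";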

require("include/config.inc.php");
require("include/mysql.inc.php");

// Open the database connection. The DB_* constants are presumably defined by
// include/config.inc.php (not visible here).
$db = new MySQL();
$db->connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME, DB_DEBUG);

// Allow-list mapping the "to" request parameter onto a fixed table name.
// The table name placed into later SQL is always one of these literals and
// never the raw request value; keep it that way when adding new cases.
$tabelle = array(
	"pubblicati" => "Annuncio_pubblicato",
	"pendenti"   => "Annuncio_pendente",
	"scaduti"    => "Annuncio_scaduto",
);

// Anything unrecognised (including a missing parameter) falls back to the
// pending table.
$tabella = (is_string($to) && isset($tabelle[$to])) ? $tabelle[$to] : "Annuncio_pendente";

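// SECURITY: $id, $data and $user come straight from the query string. They were
// previously interpolated into SQL unescaped (SQL injection). Escape each one
// with the wrapper's own escape() before it reaches a statement.
// NOTE(review): assumes MySQL::escape() applies the connection's string
// escaping; confirm in include/mysql.inc.php. Prepared statements would be
// the stronger fix if the wrapper supports them.
$idSql = $db->escape(is_string($id) ? $id : "");
$dataSql = $db->escape(is_string($data) ? $data : "");
$userSql = $db->escape(is_string($user) ? $user : "");

// NOTE(review): the row owner ($user) is taken from the request, not from
// $_SESSION["user"], so any authenticated account can act on another user's
// row. Both actions also change state on a GET request with no anti-CSRF
// token. Confirm the intended authorisation model and add a token check.

if ($action == "ins")
{
	// Look up the row to publish in the table selected by the "to" allow-list.
	$db->query("SELECT * FROM $tabella WHERE codice = '$idSql' AND data_pub = '$dataSql' AND utente = '$userSql'");

	if ($db->get_num_rows() > 0)
	{
		$row = $db->fetch_array();

		// Values read back from the database are escaped as well: stored data
		// is not trusted to be SQL-safe (second-order injection).
		$db->query(
			"INSERT INTO Annuncio_pubblicato VALUES ('','"
			. $db->escape($row["data_pub"]) . "','"
			. $db->escape($row["data_sca"]) . "','"
			. $db->escape($row["corpo"]) . "','"
			. $db->escape($row["autore"]) . "','"
			. $db->escape($row["utente"]) . "')"
		);

		// Remove the original row once it has been copied.
		// NOTE(review): the insert and delete are not wrapped in a transaction,
		// and the insert's result is not checked before deleting.
		$db->query("DELETE FROM $tabella WHERE codice = '" . $db->escape($row["codice"]) . "'");
	}
}

if ($action == "del")
	$db->query("DELETE FROM $tabella WHERE codice = '$idSql' AND data_pub = '$dataSql' AND utente = '$userSql'");

$db->close();

// SECURITY: $from is request-controlled and ends up in a Location header.
// Accept only a bare page name (letters, digits, "_" and "-") so the redirect
// always stays on a local "<name>.php" page; anything else falls back to the
// login page. This closes the open-redirect path.
if (!is_string($from) || !preg_match('/\A[A-Za-z0-9_-]+\z/', $from))
	$from = "login";

header("Location: $from.php");
exit;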
?>
	